Date:      Wed, 14 Jan 2009 11:44:53 -0500
From:      Steve Bertrand <steve@ibctech.ca>
To:        Artem Kuchin <matrix@itlegion.ru>
Cc:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: Blocking very many (tens of thousands) ip addresses in ipfw
Message-ID:  <496E1685.8090605@ibctech.ca>
In-Reply-To: <496E117D.8030306@itlegion.ru>
References:  <496E117D.8030306@itlegion.ru>

Artem Kuchin wrote:
> I need to block around 150000 IP addresses from accessing the server at all
> on any port. The addresses are random, they are not nets.
> These are the spammers I want to block for 24 hours.
> The list is dynamically generated and regenerated every hour or so.
> What is the most efficient way to do it?
> At first I thought of doing ipfw rules using 5 IPs per rule, that would
> result in 30000 rules! This will be too slow!
> I need something really quick and smart. Like matching the first
> number from the IP (195 from 192.1.2.3),
> if it does not match - skip, if it does - compare the next one
> and so on.

Use tables. They are efficient, and easy to manipulate.

# ipfw table 1 add xx.xx.xx.xx/xx
# ipfw add deny all from "table(1)" to any

It would be best if you allowed only legitimate IP addresses to pass
traffic in/out of your network, and then deny all else, but the way your
message reads, this is SMTP traffic inbound, so 'allow some, deny the
rest' doesn't work too well here.

Steve
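A way to carry out the hourly reload of such a table, as an added example that is not code from the original thread; the table number, rule number and function names are assumptions, and the blocklist is assumed to be a text file with one IPv4 address per line:

```shell
#!/bin/sh
# Added example (not from the original thread): rebuild an ipfw table from a
# text file of addresses, as the hourly regeneration in the question needs.
# Table number, rule number and function names are assumptions.
# POSIX sh; lines that are not dotted-quad IPv4 addresses are dropped.

BLOCK_TABLE=1          # table referenced by the deny rule
BLOCK_RULE=100         # rule number for the single table-lookup deny rule

# Emit "table N flush" followed by one "table N add a.b.c.d/32" line per
# valid address.  The output is a command file for "ipfw -q <file>", which
# loads all entries in one ipfw invocation instead of forking per address.
gen_table_cmds() {            # $1 = blocklist file, $2 = table number
    echo "table $2 flush"
    awk -v t="$2" '
        /^[[:space:]]*(#|$)/ { next }                 # skip comments and blanks
        {
            ip = $1; n = split(ip, o, ".")
            ok = (n == 4)
            for (i = 1; ok && i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
            if (ok) print "table " t " add " ip "/32"
            else bad++
        }
        END { if (bad) print bad " invalid line(s) skipped" > "/dev/stderr" }
    ' "$1"
}

# Install the one rule that consults the table; run once, e.g. at boot.
install_deny_rule() {
    ipfw -q add "$BLOCK_RULE" deny all from "table($BLOCK_TABLE)" to any
}

# Reload the table from the current blocklist.  The rule itself is untouched,
# so only the table contents change; between the flush and the re-adds the
# table is briefly empty, which a single batched load keeps short.
apply_blocklist() {           # $1 = blocklist file
    cmds=$(mktemp) || return 1
    gen_table_cmds "$1" "$BLOCK_TABLE" > "$cmds"
    ipfw -q "$cmds"
    rc=$?
    rm -f "$cmds"
    return $rc
}
```

A cron entry running `apply_blocklist /path/to/blocklist` once an hour keeps the table in step with the regenerated list.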